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METHOD AND DEVICE FOR DATA ENCRYPTION 
IN PROGRAMMING OF CONTROL UNITS 

Field Of The Invention 

The present invention relates to a method and a device for 
data encryption in programming of control units. 

5 Background Information 

Electronically stored data is encrypted to prevent it from 

u being intercepted or even altered. Without the proper key for 

Q decryption of the data, it cannot be used by an unauthorized 

jj party. 
10© 

y. In programming a control unit, a data stream is transmitted 

SO via a data line from a programming unit to a control unit for 

'jm programming. Meanwhile, both users and programmers have - 

UJ demanded methods of encrypting the data stream. This is to 

15jj? prevent unauthorized access to the content of the memory 

Q modules in the control unit . 

iU 

It should be pointed out that the encryption method should be 
suitable for use with other coding methods and compression 
20 methods without any loss of efficacy or without causing any 
mutual impairment of the methods. 

A distinction should be made between symmetrical and 
asymmetrical methods. In the symmetrical methods, one key is 
25 used for both encryption and decryption. In asymmetrical 
methods, the key for encryption differs from the key for 
decryption . 

A symmetrical, block-oriented encryption method in which 
30 wandering XOR masks are used for encryption is known. This 
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method is characterized by its simplicity and is therefore 
especially suitable for use in control units. One disadvantage 
is that a potential hacker may discover the key from large 
areas of known data (e.g., filler areas which are usually made 
up of FFh or OOh) . Long chains of the same bits usually occur 
especially when using compression methods based on Huffmann 
coding. This makes it easier for the hacker to break the code. 

United States Patent No. 5,724,428 describes a method of 
transmitting data which permits encryption and decryption of 
the transmitted data. This publication describes the use of a 
secret key which is also transmitted in encrypted form from 
the sender to the receiver. This secret key is then used to 



Q 

0 encrypt and decrypt the data transmitted. 

!:fi 



15 s 

H The encryption method per se uses a field of any desired size 
fjj which is linked to the values to be encrypted. It is important 

* 2 here that the data to be encrypted is first divided into first 

m 

U\ words and second words. These words may have any desired but 
2(0 fixed lengths. Subseguently an invertible operation is applied 
£3 to these words. First, the first words are linked to the first 
element of the field described above and then the second words 
are linked to the second element of the field. The words are 
alternately linked together by the invertible operation and 
25 then they are rotated by the number of positions corresponding 
to the other word. Then the next element of the field 
described above is added to these words. 

Since the data to be encrypted is divided into first words and 
30 second words, this method may not be applied to individual 

bytes. The fact that the key is also be transmitted each time 
has proven to be complicated as well as risky. 

Summary Of The Invention 
35 The present invention provides an alternative method and a 
device for data encryption in programming of control units. 
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According to the method of the present invention, the data to 
be transmitted is first encrypted with a first key in a 
programming unit, the encrypted data is transmitted via a data 
line to a control unit and the data is decrypted in the 
5 control unit using a second key which is provided in the 
control unit. 

Due to the fact that the key is not being transmitted with the 
data but instead is already provided in the control unit, data 
10 volume to be transmitted is reduced and security is increased. 

The device according to the present invention for data 
, . encryption in programming of control units has a programming 
sp unit in which a first key is provided, a control unit in which 
1E>~: a second key is provided, and a data line for transmission of 
Q the encrypted data. 

f& In the method according to the present invention, either a 
symmetrical encryption method or an asymmetrical encryption 
20UJ method may be used. If the first key and the second key are 
S identical, it is a symmetrical encryption method. If the first 
P key and the second key are not identical, it is an 
ifef asymmetrical encryption method. 

25 A table S having m elements S 0 through S m _ ± can be used for the 
encryption. This table is accessed by using a hash function 
h(x), where h(x) is an index. 

An encrypted byte n* is formed from an unencrypted byte n 
30 according to the following procedure (a starting value n_ 2 is 
used for encryption and decryption) : 

n_ 1 ^S 0 (formula 1) 
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n t «< X n)_ x 0 S , . , ( formula 2 ) 

V j-0 J h\ f n* A 



Unencrypted byte n is formed from an encrypted byte n* 
according to the following procedure: 



j=0 



Q The key may be implemented in the form of an electronic 

Q circuit, e.g., in an ASIC or a computer program. 

£|t The computer program may be stored on suitable data media such 

* m as EEPROMs, flash memories or even CD ROMs, diskettes or hard 

lij drives. The computer program is run on an electronic computing 

'!£ unit, e.g., a microprocessor, in the programming unit or 

153 control unit. 



The programming unit and the control unit may include an 
electronic computing unit and a memory module linked together 
by a data bus. For example, a microprocessor may be used as 
the electronic computing unit . 

In the case when the key is transmitted from the sender to the 
receiver, a table which is accessed by a hash function is also 
suitable for use as the key. 

Brief Description Of The Drawings 

Figure 1 shows an embodiment of the device according to the 
present invention in a schematic diagram. 

Figure 2 shows an embodiment of the method according to the 
present invention in a flow chart. 
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Detailed Description 

Figure 1 shows schematically the design of a device according 
to the present invention, having a programming unit 10, a 
control unit 11 and a data line 12. In addition, programming 
5 unit 10 has a microprocessor 13 and a memory element 14 which 
are linked together by a data bus 15. A comparable schematic 
design is also found in control unit 11, which has a 
microprocessor 16, a memory module 17 and a data bus 18. 

10 The mode of operation of the device according to the present 
invention is explained below: 

Data for programming control unit 11 is stored in memory 
(3 module 14 of programming unit 10. The data is encrypted by 
15- microprocessor 13 by using a table and a hash function which 

Q are also stored in memory module 14. 

%■ 

[»<& 

03 This method makes use of the following reversible operations: 

h 

20jj - rotation to the left (within a byte) : «< 

! j! - rotation to the right (within a byte) : »> 

|*J - byte-by-byte exclusive or: © 

' ru 

The results here are invariant with respect to rotation by 
25 multiples of 8. 

For encryption, a table S having m elements S 0 through S m _! is 
used. This table is accessed by a hash function h(x), where 
h(x) is an index. 

30 

For a simpler description, the successive bytes during 
encryption are provided with an index i, where i = 0, 1, 2, 

35 An encrypted byte n* is formed from an unencrypted byte n 

according to the following procedure (a starting value is 
used for decryption and encryption) : 
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(formula 1) 



n i 



I = yi «< £ J 

V j=0 




(formula 2) 



The encrypted data is then transmitted via data line 12 to 
control unit 11. If the data is intercepted during 
transmission, it is harmless because the encrypted data cannot 
be utilized without the key, which is not transmitted along 
with the data. 

The encrypted data is stored in memory module 17 of control 
unit 11. Memory module 17 contains the same key as that in 
memory module 14 of programming unit 10. The data is decrypted 
again with this key. 

Unencrypted byte n is formed from an encrypted byte n* 
according to the following procedure: 



Then control unit 11 may be programmed. The decrypted data is 
processed by microprocessor 16. 

The flow chart in Figure 2 illustrates the sequence of the 
method according to the present invention. 

In step 20, the encryption of the data which is provided for 
programming the control unit is performed first. The data to 
be encrypted is not broken down into first and second words, 
as described in the related art. Therefore, this method may 




(formula 3) 
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also be used for individual bytes. This method employs a 
rotation about a number of positions which depends on the 
entire history of the encryption. The encryption of a byte is 
thus not predetermined but instead depends on the history. 

The elements of the field are not used in linear sequence but 
instead are selected by a hash function. The linking is not 
additive, but instead is accomplished by way of an exclusive 
or operation. An additional parameter is not the number of the 
operation but instead the selection of the hash function. This 
greatly reduces operating time. 

Data transmission via data line 12 takes place in a subsequent 
step 21. Since the transmitted data is encrypted, it is of no 
use for a possible hacker. 

Then in step 22 the data is entered, i.e., stored in memory 
module 17 of control unit 11. 

Then in step 23, the data is decrypted. The key for decryption 
is stored as a computer program in the memory module of 
control unit 11. 



The same key is used for decryption as the key used for 
encryption. This is thus a symmetrical method. 

In comparison with the method described above in which 
wandering XOR masks are used for encryption, the key is not 
transmitted in the data stream or together with other 
parameters but instead is already present in the control unit. 
In addition, no table is generated from pseudo-random numbers 
on the basis of such parameters. 



In contrast with known methods, there is no addition of key 
values during the encryption and decryption. In the method 
according to the present invention, the input values are not 
distributed among two or more registers and so they can be 
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altered simultaneously thereafter. 



The method according to the present invention is characterized 
in that the key, namely in this case the table and the hash 
5 function, are not transmitted over the data line in the data 
stream but instead are already present in the control unit. 

The method described here does not distribute the input values 
to two or more registers so they can be altered simultaneously 
10 thereafter, so it may also be used for individual bytes; this 
is particularly advantageous within flash programming. 

s ^ The method according to the present invention is typically used 

0 by a plurality of users. Therefore, that inadvertent data 

is';i exchange between different users is to be prevented. This is 

O avoidable because the method described here is parameterizable . 

H 

OP With this method it is possible to safely encrypt large domains 

fn having the same content (filling areas) . The encrypted domains 

2CW do not provide any information regarding the key used. A byte- 

|p wise allocation between input and output data is impossible. 

8 

This method does not require a temporary memory location for 
the data stream or parts thereof. Only one byte is needed as 
25 the memory location for the running total. The code demand for 
decryption is very low (approx. 130 bytes) . This is extremely 
important for use in automotive control units. 

It is also possible to adapt this method to different 
30 requirements by using a user-specific table. In addition, any 
desired hash function may be used for table access to make 
possible inferences regarding the content of the table 
difficult. 

35 The data throughput with the system described here can be as 
high as 7 MB /minute, for example. 
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